Expl-iot – IOT Security Testing and Exploitation Framework

IoT devices is becoming more and more exposed to internet. this to improve device functionality and provide more features to customer. searching shodan will show a large number of IoT devices with exposed UI , exposed login page or just using the default credentials. This can be due to users limited security implementation background. If you are looking to test IoT security you can check Expl-iot

Expl-iot is a framework for security testing IoT and IoT infrastructure. It provides a set of plugins (test cases) and can be extended easily to create new plugins.

Expl-iot – IOT Security Testing and Exploitation Framework

The objective behind this framework is:

Easy to use

Easy to extend

Support for most IoT protocols

Support for Radio IoT protocols

Support for hardware protocols

One-stop-shop for IoT and IoT infrastructure security testing.

There is 19 plugins with test cases:

BLE Charecteristic value fuzzer

BLE Scanner

BLE charecteristic writer

BLE Tapplock unlock

CANbus reader

CANbus writer

CoAP GET

CoAP Sample Summary

I2C EEPROM Reader

I2C EEPROM Writer

Modbus TCP Reader

Modbus TCP Writer

MQTT authentication cracker

MQTT Publisher

MQTT Subscriber

SPI Flash Reader

SPI Flash Writer

Serial console command brute-forcer/fuzzer

Kankun SmartPlug Hijacker

The challenge with IoT devices is having several interfaces and services such as Web, SSH, Telnet or just a non standard port/protocol.